If you found value in this post, consider following me on X @davidpuplava for more valuable information about Game Dev, OrchardCore, C#/.NET and other topics.
You can use a private NuGet repository in your docker build process. The best, most deterministic way to do this is to add a NuGet.config
file to your repository with details.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="NuGet" value="https://api.nuget.org/v3/index.json" />
<add key="myfeed" value="https://www.davidpuplava.com/nuget/index.json" />
</packageSources>
<disabledPackageSources />
</configuration>
Consider the following Dockerfile
for building an ASP.NET web application. This work if your NuGet repository does not require authentication.
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
LABEL stage=build-env
WORKDIR /app
# Copy and build
COPY ./src /app
COPY ./NuGet.config /app
RUN dotnet publish /app/MyApp.Web -c Release -o ./build/release --framework net8.0
# Build runtime image
FROM mcr.microsoft.com/dotnet/aspnet:8.0
EXPOSE 80
ENV ASPNETCORE_URLS http://+:80
WORKDIR /app
COPY --from=build-env /app/build/release .
ENTRYPOINT ["dotnet", "MyApp.Web.dll"]
If your private NuGet feed requires authentication, you have a few options for how docker build can authenticate with your feed. One options is to store the credentials in plain text in the NuGet.config
file but this is not very secure. Plus your intermediate layers from your docker build process will store this information.
You can environment variables to pass this information into your docker build
process without storing secrets in your NuGet.config
file.
You can take advantage of NuGet's default environment variable support NuGetPackageSourceCredentials_<package-name>
where <package-name>
is the name of your private repository.
When this environment variable is set, NuGet will automatically use it for authentication to that repository.
The formation for the value of the environment variable is Username=...;Password=...;
. You can also add ValidAuthenticationTypes=Basic
if you desire. You'd do this if you want to explicitly control how NuGet should authenticate against your repository.
Consider the following example.
Username=myfeed-pat;Password=SuperSecretPWD!;ValidAuthenticationTypes=Basic
To configure, open Window's System Environment variables and click "New...". Enter the special environment variable name, and value.
In our working example we have a private NuGet repository named myfeed
that is accessed with a personal access token username/password of myfeed-pat/SuperSecretPWD!
.
After you configure your environment variable, you can use it in your Dockerfile
by adding these two lines. The first line adds an argument to your docker build file. The second line assigns that argument value to your docker build's environment variable context.
ARG NuGetPackageSourceCredentials_myfeed
ENV NuGetPackageSourceCredentials_myfeed=$NuGetPackageSourceCredentials_myfeed
Here is the final Dockerfile
using envinroment variables to authenticate against a secured private NuGet repository.
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
LABEL stage=build-env
ARG NuGetPackageSourceCredentials_myfeed
WORKDIR /app
# Copy and build
COPY ./src /app
COPY ./NuGet.config /app
ENV NuGetPackageSourceCredentials_myfeed=$NuGetPackageSourceCredentials_myfeed
RUN dotnet publish /app/MyApp.Web -c Release -o ./build/release --framework net8.0
# Build runtime image
FROM mcr.microsoft.com/dotnet/aspnet:8.0
EXPOSE 80
ENV ASPNETCORE_URLS http://+:80
WORKDIR /app
COPY --from=build-env /app/build/release .
ENTRYPOINT ["dotnet", "MyApp.Web.dll"]
You can now pass your build server's environment variable into docker build to set the docker build processes environment variable during the build process with --build-arg
.
Here is the docker build
command.
docker build -f .\Dockerfile -t davidpuplava.com/nuget --build-arg NuGetPackageSourceCredentials_myfeed=$($Env:NuGetPackageSourceCredentials_myfeed) .
You can securely access a private NuGet repository with docker build
using environment variables to avoid storing secrets in source control.
If you found value in this post, consider following me on X @davidpuplava for more valuable information about Game Dev, OrchardCore, C#/.NET and other topics.